When encrypting a file, a computer user is often asked to input a password. The password is used to generate an encryption key, and the key is then used to encrypt a file or files. To decrypt the file or files, the user, or someone to whom the user has disclosed their password, must re-input the user's password exactly as it was input during the file encryption process.
To increase the likelihood that an attacker will not be able to guess and/or reverse engineer a password, various constraints and latitudes can be associated with a password. An example of a constraint is that a password has to comprise at least eight characters. An example of a latitude is that a password can comprise not only any letter in the alphabet (upper or lower case), but also any number or special character which a user may input into a computer via the computer's attached keyboard.
A problem with user input passwords is that they are sometimes mistyped. When a user mistypes their password during file decryption, the penalty is not being able to open an encrypted file or files, and the fix is to retype the password correctly. The penalty is small, and the fix is simple. When a user mistypes their password during file encryption, the penalty is once again an inability to open the encrypted file or files. However, the fix is much more difficult since the number of ways in which a password can be mistyped is voluminous, and once a file has been encrypted with a mistyped password, one's knowledge of the intended password does not yield a simple fix, as it is the apropriately mistyped password which one needs to know.
In the simplest cases of mistyping, a user mistypes one or more letters of their password. For example, HOUSE might become HLUSE or HLESE. However, in more severe cases of mistyping, a user might misplace their hands on a keyboard. Thus, HOUSE might become JPIDR. Although this second form of mistyping occurs with less frequency, it does happen, and its effects can be catastrophic. If a user has no knowledge of their mistyped password, and no knowledge of a computer's means for generating an encryption key (which will most always be the case), then a file or files encrypted with a mistyped password can be forever lost.
The problem of encrypting a file with a mistyped password is compounded by the fact that many password entry prompts do not display a password as it is typed. Instead, a number of asterisks or other meaningless characters are displayed. While such placeholder characters prevent an onlooker from seeing a user's password, they further the likelihood that a user will encrypt a file with a mistyped password.
The most common solution to the problem of mistyped passwords is to force a user to type their password twice in succession. The successively typed passwords are then compared to ensure that they are identical. If there is any difference between the two passwords, the user is prompted to repeat the entire password entry procedure. While this solution discovers some mistyped passwords, it does have its disadvantages. For one, the necessity of having to type a password twice discourages some users from selecting the longer passwords which are typically necessary for strong encryption. Furthermore, repetitive typing of a password does not guarantee that all mistypings of a password will be discovered. For example, repetitive password typing will not detect problems such as having the caps lock on unintentionally, or having one's fingers shifted with respect to a keyboard.
Another solution to the problem of mistyped passwords is to have software generate a number of check characters that must be typed with a password. The check characters are a function of the rest of the characters in the password and may be generated, for example, by submitting the password as a whole to a hash function. Software can then verify whether the password and the check characters correspond. If they do, the password is accepted. If they do not, the password is rejected. While this solution provides greater protection against mistyped passwords than does the repetitive typing solution, it also tends to weaken encryption. Since a user is forced to remember their base password, as well as a seemingly random number of check characters, many users will shorten their base password so as to keep the total number of characters which need to be remembered to a manageable number (maybe 8–10). Thus, instead of typing in an 8–10 character password, a user might type in a less secure password of maybe 5–7 characters so that once the computer generates 3 or so check characters, the user need only remember a total of 8–10 characters. Unfortunately, the 8–10 characters which include check characters are not as strong from an encryption standpoint as 8–10 characters which are all independent from one another. The use of check characters to prevent mistyped passwords can therefore result in weaker encryption for some users. On the other hand, users who are more concerned about the strength of their password might continue to use longer base passwords, possibly taking advantage of the full number of characters allotted for a password (e.g., 20). However, if software receives a 20 character password, and then generates additional check characters, most users will be forced to write down their password. At a minimum, most users will be forced to write down the check characters. Although a 23 character password having a 20 character base password will provide as strong or stronger encryption than a 20 character base password standing alone, the fact that some or all of the 23 character password will need to be written down increases the likelihood that an attacker might discover the paper (or file) on which the password is recorded. Since most users rely on commercially available encryption/decryption software, once an attacker discovers a user's password or check characters, it is often a fairly easy task to reverse engineer the missing element(s) of the user's password. At a minimum, discovery of the check characters can reduce the number of trials which an attacker needs to make to “crack” an encrypted message.
A need therefore exists for a better method of insuring that a password input into a computer is the password which a user intended to input into the computer.